Title :
DoS attack countermeasures in NGN using private security policy
Author :
Okada, Yasuyoshi ; Nishikawa, Yasuhiro ; Sato, Naoshi
Author_Institution :
Inst. of Inf. Security, Yokohama, Japan
Abstract :
This paper proposes countermeasures against denial of service (DoS) attacks on the Next Generation Network (NGN). Applying a private security policy to IP packets flowing from the Internet into the NGN, the IP packets are checked and abnormal packets for DoS attacks are detected at edge routers on the NGN exit-side. An DoS attack notification is sent back from the edge routers to the entrance-side edge routers, which mark matching IP packets and send them around a loop added to their route. The feature of our method is that attack packets are delayed rather than just discarded to avoid the loss of normal packets misrecognized as attack packets by letting the end user decide their normality. This is acceptable because DoS attack packets are usually meaningless rather than dangerous. Our method eliminates attack-induced congestion and restores service provision. Its effectiveness was verified by network simulations.
Keywords :
IP networks; Internet; computer network security; electronic countermeasures; DoS attack; IP packets; Internet; NGN; countermeasures; denial of service; next generation network; private security policy; Bandwidth; Communication system control; Computer crime; IP networks; Information security; Internet; Network servers; Next generation networking; Proposals; Protocols; DDoS; DoS; NGN; Personal Information Security Policy; Routing Control Method;
Conference_Titel :
Information and Telecommunication Technologies (APSITT), 2010 8th Asia-Pacific Symposium on
Conference_Location :
Kuching
Print_ISBN :
978-1-4244-6413-5
Electronic_ISBN :
978-4-88552-244-4
